OTT Content Preparation
1. Encryption Modes
The different DRM schemes integrated by NAGRA SSP only supports particular encryption modes. The following table sums up the current situation:
DRM | Particular implementation | isobmff based | MPEG-2 TS based |
---|---|---|---|
PlayReady | All | CENC 'cenc' | Not supported by SSP |
Widevine | Others | CENC 'cenc' | Not supported |
Android 7+ | CENC 'cenc' CENC 'cbcs' | Not supported | |
ChromeCast | CENC 'cenc' CENC 'cbcs' | Not supported by SSP | |
FairPlay Streaming | Others | Not supported | HLS SAMPLE_AES |
iOS10+ | CENC 'cbcs' | HLS SAMPLE_AES | |
PRM | OpenTV Player (SW-PRM) | CENC 'cenc' | HLS AES-128 |
STB (other more exotic algorithms can be also supported by STB) | CENC 'cenc' CENC 'cbcs' | HLS AES-128 | |
Samsung TVKeyCloud | CENC 'cenc' | Not supported |
The SSP Content Key Management system (CKM) supports all those combinations in the sense that it can generate or import keys intended to implement those encryption modes for those DRMs. In addition, the CKM enforces this matrix and prevents a packager from trying to import keys intended to be used with incompatible DRMs and/or encryption modes.
2. NAGRA Encryption Method Indicators
The NAGRA Content Key Management service relies on a specification called Encryption Method Indicators (EMI) to identify those different encryption modes. The following table provides a comprehensive mapping between usual encryption modes, EMI and the SSP content authorization token "encryptionMethod" field. Please refer to the original EMI specification for other exotic encryption modes:
Encryption mode | EMI hex | EMI dec | Content Authorization Token "encryptionMethod" |
---|---|---|---|
CENC 'cenc' | 0x4024 | 16420 | RAW_AES_128_CTR_CENC |
CENC 'cbcs' | 0x402A | 16426 | RAW_AES_128_CBC_CBCS |
HLS AES-128 | 0x4023 | 16419 | RAW_AES_128_CBC_ALS |
HLS SAMPLE_AES | 0x4029 | 16425 | RAW_AES_128_SAMPLE_ALS |
3. Integrating SSP With the Content Key Management Service (CKM)
By default if not precised by the packager, the CKM generates the DRM signaling of the DRM compatible with the encryption and streaming mode requested, as described by the following table:
Streaming mode | Encryption algorithm | EMI | DRM supported |
---|---|---|---|
DASH or Smoothstreaming | CENC 'cenc' | 0x4024 | PlayReady, Widevine, PRM |
DASH or HLS | CENC 'cbcs' | 0x402A | PlayReady, Widevine, FairPlay Streaming, PRM |
HLS | HLS AES-128 | 0x4023 | PRM |
HLS | HLS SAMPLE_AES | 0x4029 | PRM, FairPlay Streaming |
Custom | Custom | Custom | PRM on STB |
If required, the packager can specify a subset of the supported DRM in the request by precising the list of DRM System Id requested. The following table provides the list of DRM System Id supported by SSP:
DRM | DRM System Id |
---|---|
PlayReady | 9a04f079-9840-4286-ab92-e65be0885f95 |
Widevine | edef8ba9-79d6-4ace-a3c8-27dcd51d21ed |
FairPlay Streaming | 94ce86fb-07ff-4f43-adb8-93d2fa968ca2 |
PRM/SW-PRM | adb41c24-2dbf-4a6d-958b-4457c0d27b95 |
4. Integrating SSP Without Content Key Management Service (CKM)
The SSP CKM service is intended to be used to generate or import content encryption keys and also generate the related DRM signalings. If several encrypted contents already exist or if content encryption keys are provided to SSP using content key tokens, then the entity in charge of generating the DRM signalings needs to make sure this signaling is compatible with SSP. The description of the DRM signaling expected by SSP is available here.